There has never been a more exciting time in banking than now. Financial wellness apps and digital tools help users manage their finances, automate their savings, boost their credit, track their spending and investments, and create and follow budgets. Consumers and businesses have control over their finances right from their phones or desktops. The list of innovative fintech companies and the use cases for their financial wellness apps goes on and on. Just see our recent two-part series on 15 fintech companies to look out for in 2020 to see what we mean.
However, in order to continue to allow users access and full functionality to these apps, fintech companies require data—and, more specifically, permission to access it.
The Financial Data and Technology Association (FDATA) of North America released a January 2020 white paper on credential-based authentication that could affect billions. The data shows that 1.8 billion consumer accounts in the U.S. would lose functionality to financial apps they depend on. This could happen if screen scraping (which we’ll define shortly) were no longer allowed and only the largest financial institutions’ APIs were available to users.
Today, we’ll unpack this statement and supporting statistics, looking at what credential-based authentication means for the future of banking.
What is credential-based authentication?
All digital platforms—websites, applications, social networks, etc.—require some authentication that the owner is who they say they are. Some websites’ authentication credentials only require an email and a password from the owner. That is called password-based authentication.
Others, especially those linked to financial accounts with sensitive data, require further identification and verification for protection and security. These require credential-based authentication, such as name, email, password, date of birth, and account details, such as a bank account number, or extra verification through another connected device. This is credential-based authentication.
Another form of authentication that many fintechs are moving toward, including ourselves here at VoPay, is through tokenization. We recently wrote a post called Tokenization: The secret key to digital payment security.
In the post, we explain that tokenization is a form of credential-based authentication that adds an extra layer of security to consumers’ sensitive information and is more user-friendly. Tokens are a kind of credential that is far superior to anything that passwords and email addresses could ever provide. They can only be created by the credential owner and the information provided is algorithmically scrambled to protect against hackers decoding the information. These tokens replace and retain the essential information, not unlike a secure lockbox.
Impact of credential-based authentication on fintech apps
This superior level of identification, verification, and security is essential to protecting consumers’ sensitive information. But it is also essential for fintech applications to function and support the users effectively. Unfortunately, many innovative banking tools that consumers (could) use on a daily basis, are working with missing data or are screen-scraping to fill in the blanks.
Screen scraping is the process of collecting screen display data from one application to another. Most often, this is done as a last resort and captures data from an older, legacy application to display it through a modern app or website. Having to screen scrape in order to provide a modern service to consumers makes a great case for open banking—or the collaborative sharing and use of financial data. But that’s another story, which you can read here.
If screen scraping was prohibited, open banking never comes into effect, and consumers were to rely only on applications built by major banks, what would happen? How would fintech companies that provide financial wellness apps be impacted? The short answer is that without all of the user data—and access to it—they cannot function fully.
According to the FDATA North America data, the impacted consumer and small business use cases in the U.S. would include:
- +530 million loan accounts for retirement planning, financial wellness, and debt reduction
- +310 million accounts to manage and pay account balances and provide overdraft protection
- +330 million investment accounts
- +210 million accounts to help move and save money
- Almost 200 million transactions accounts
- Almost 140 million accounts fighting fraud and providing identity verification and authentication
- +100 million credit accounts
In the end, credential-based authentication is essential for encouraging innovation and competition in the banking and technology sector. It gives consumers the power to control who has access to their financial information and the choice of what they want to do with it. It gives them the freedom, tools, and support to manage and improve their financial wellness like never before.